Chief Privacy Officer: The Next Big Job in Tech?

Facebook and the Federal Trade Commission (FTC) are reportedly in the middle of negotiating a huge settlement over the company’s privacy breaches. For Facebook, it’s not just a matter of cash, even though it expects to pay out billions of dollars in fines to the federal government; the harder part could involve any constraints on how it can manage (and sell) user data.

Facebook might have to appoint a “federally approved privacy official,” according to Politico, which drew its information from an unnamed source. In addition, it could create “an ‘independent’ privacy oversight committee that may include Facebook board members.”

In a twist that critics of the company may view as spectacularly ironic, Facebook CEO Mark Zuckerberg might end up as the company’s “designated compliance officer,” or the person ultimately tasked with ensuring that private data is indeed secured.

The effectiveness of these potential regulations depends on how much oversight the federal government will have into the “privacy official,” committee, and “designated compliance officer.” If the government can punish those officials (and the company as a whole) for failing to safeguard user privacy, that could translate into meaningful change; but if these moves are toothless, then Facebook may revert to its business-as-usual approach when it comes to user privacy.

Indeed, Politico’s source indicated that no other major regulations are forthcoming with regard to how Facebook conducts the data side of its business, although that situation could always change. As data scandals seemingly break on a quarterly basis, the pressure is only increasing for the U.S. to institute more stringent controls on how data is used—although it remains to be seen whether this country will imitate what the European Union did with the sweeping GDPR policy.

But if Facebook is indeed forced to appoint executives concerned solely with user privacy, it could drive a sea change of sorts across the tech industry; you may very well see the rise of “Chief Privacy Officer” as a formal position in many more C-suites.

Yes, some companies already have these “CPOs” in place; they’re tasked with mitigating the impact of data breaches, making sure the company has an ironclad user-privacy policy, and communicating issues to the public, government entities, and so on. But if the potential penalties for breaches become severe enough, CPOs could become far more prevalent.